On 01.08.2016 11:58, Ben Wiechman wrote:
>
> Does anyone have any experience with FastNetMon?
> (https://github.com/pavel-odintsov/fastnetmon) It seemed to
> potentially be a useful roll your own type of solution.
>
I like it. Works really well with sflow, and netmap (requires intel NIC
+ port mirror) is even better. I found netflow generated more false
positives in limited testing - that could just be timeout
setting-related, but I know the author is not a big netflow fan. FNM
doesn't have a lot of knobs to turn on its own - it can email alerts based
on very generic thresholds, which has some value, but a bit of
customization in ExaBGP and/or flowspec is required to do the cool
stuff.
IMO it's not a complete solution, but can be a very useful part of an
overall plan, if you want to go the roll-your-own route.
--
Colin Baker
SupraNet Communications, Inc.
(608) 572-7634